Koney: A Cyber Deception Orchestration Framework for Kubernetes

📅 2025-04-03
📈 Citations: 0
Influential: 0
🤖 AI Summary
Network deception techniques face significant deployment challenges in cloud-native environments because of operational complexity, high intrusiveness, and maintenance concerns, which hinder large-scale adoption. Method: This paper introduces a "Deception-as-Code" paradigm for Kubernetes, realized as a lightweight Operator that enables declarative definition, dynamic deployment, automated rotation, and observability management of decoy resources, entirely without modifying application code. It combines eBPF-based kernel-level traffic redirection with service mesh-coordinated control to keep overhead low and control fine-grained. Contribution/Results: Evaluated in production cloud environments, the approach demonstrates zero-code intrusion, horizontal scalability, and high maintainability. It substantially lowers the barrier to deploying proactive defense mechanisms and provides a reusable engineering framework and practical methodology for sustainable, production-grade deception in cloud-native systems.

📝 Abstract
System operators responsible for protecting software applications remain hesitant to implement cyber deception technology, including methods that place traps to catch attackers, despite its proven benefits. Overcoming their concerns removes a barrier that currently hinders industry adoption of deception technology. Our work introduces deception policy documents to describe deception technology "as code" and pairs them with Koney, a Kubernetes operator, which facilitates the setup, rotation, monitoring, and removal of traps in Kubernetes. We leverage cloud-native technologies, such as service meshes and eBPF, to automatically add traps to containerized software applications, without having access to the source code. We focus specifically on operational properties, such as maintainability, scalability, and simplicity, which we consider essential to accelerate the adoption of cyber deception technology and to facilitate further research on cyber deception.
Problem

Research questions and friction points this paper is trying to address.

Overcoming industry hesitancy to adopt cyber deception technology
Automating trap deployment in Kubernetes without source code access
Enhancing operational properties like maintainability and scalability
Innovation

Methods, ideas, or system contributions that make the work stand out.

Deception policy documents as code
Kubernetes operator for trap management
Cloud-native automatic trap integration